BYOD Systematic Literature review: A layered approach
DOI:
https://doi.org/10.47672/ejt.1006Keywords:
Briny Your Own Device, BYOD security, BYOD management, Security ControlsAbstract
Introduction: Bring your own device (BYOD) is a paradigm where employees use personal devices for organizational related activities. Various benefits accrued by both employees and organization. However, BYOD leads to risks and threats during their usage.
Purpose: The paper aimed at exploring benefits, risks, and suggested controls based on a systematic review of literature.
Methodology: A systematic review methodology was adopted for the study. A search using keywords was conducted to select peer-reviewed journal papers from 2010 to 2020 in ACM Digital Library, Emerald Insight, IEEE Explorer, Science Direct, and Taylor and Francis. Inclusion and exclusion criteria was applied, followed by quality appraisal on the selected articles, and then the data was extracted.
Results: According to the search results, BYOD research is on the rise. Benefits, risks, and controls associated with BYOD were also identified based on a layered approach. Findings indicate that user management is the weakest layer.
Originality/value: This paper adds to previous research on BYOD practices by highlighting key risks and suggesting practices that organizations can use to manage security and privacy risks in BYOD environments using a layered approach.
Downloads
References
Ajzen, I., & Thomas, J. M. (1986). Prediction of goal-directed behavior: Attitudes, intentions, and perceived behavioral control. Journal of experimental social psychology, 22(5), 453-474.
Akin-Adetoro, A., & Kabanda, S. (2015). Contextualizing BYOD in SMEs in developing countries. In Proceedings of the Southern African Institute for Computer Scientist and Information Technologists.
Alotaibi, B., & Haya, A. (2018). A review of BYOD security challenges, solutions and policy best practices. 1st International Conference on Computer Applications & Information Security (ICCAIS).
Amoud, M., & Roudies, O. (2017). Experiences in secure integration of BYOD. Proceedings of the 7th International Conference on Information Communication and Management.
Baillette, P., & Barlette, Y. (2018). Baillette, P., & Barlette, Y. (2018). BYOD-related innovations and organizational change for entrepreneurs and their employees in SMEs. Journal of Organizational Change Management, 31(4), 839-851.
Bello, A. G., David, M., & Jocelyn, A. (2017). A systematic approach to investigating how information security and privacy can be achieved in BYOD environments. Information & Computer Security, 25(4), 475-492.
Cho, V., & W, H. I. (2018). A study of BYOD adoption from the lens of threat and coping appraisal of its security policy. Enterprise Information Systems, 12(6), 659-673.
Davis, F. D. (1989). Perceived usefulness, perceived ease of use, and user acceptance of information technology. MIS quarterly, 319-340.
Doargajudhur, M. S., & Peter, D. (2018). The effect of bring your own device (BYOD) adoption on work performance and motivation. Journal of Computer Information Systems, 60(6), 518-529.
Downer, K., & Maumita, B. (2015). BYOD security: A new business challenge. International Conference on Smart City/SocialCom/SustainCom (SmartCity).
Eslahi, M., Maryam, V. N., Hashim, H., Tahir, N. M., & Ezril, H. M. (2014). BYOD: Current state and security challenges. IEEE Symposium on Computer Applications and Industrial Electronics (ISCAIE).
Fani, N., Rossouw, v. S., & Mariana, G. (2016). A framework towards governing “Bring Your Own Device in SMMEs. Information Security for South Africa.
Ganiyu, S. O., & Rasheed, G. J. (2018). Characterising risk factors and countermeasures for risk evaluation of bring your own device strategy. International Journal of Information Security Science, 49-59.
Giwah, A. D. (2018). User Information Security Behavior Towards Data Breach in Bring Your Own Device (BYOD) Enabled Organizations-Leveraging Protection Motivation Theory. SoutheastCon.
Gupta, R., Garima, B., & Gurinder, S. (2019). Employee Perception and Behavioral Intention to Adopt BYOD in the Organizations. International Conference on Automation, Computational and Technology Management.
Harris, M. A., & Karen, P. P. (2014). Mobile device security considerations for small-and medium-sized enterprise business mobility. Information Management & Computer Security, 22(1), 97-114.
Hovav, A., & Frida, F. P. (2016). This is my device! Why should I follow your rules? Employees’ compliance with BYOD security policy. Pervasive and Mobile Computing, 32, 35-49.
Kadimo, K., Masego, B. K., Dineo, K., Lovie, E. S., Kagiso, B. S., Carrie, K., & Kutlo, B. (2018). Bring-your-own-device in medical schools and healthcare facilities: a review of the literature. International journal of medical informatics, 119, 94-102.
Ketel, M., & Thomas, S. (2015). Bring your own device: Security technologies. SoutheastCon.
Kitchenham, B., & Stuart, C. (2007). uidelines for performing systematic literature reviews in software engneering .
Kitchenham, B., O. Pearl, B., David, B., Mark, T., John, B., & Stephen, L. (2009). Systematic literature reviews in software engineering–a systematic literature review. Information and software technology, 51(1), 7-15.
Liang, H., & Yajiong, X. (2009). Avoidance of information technology threats: A theoretical perspective. MIS quarterly, 71-90.
Meisam, E., Maryam, V. N., H, H., N, M. ,., & Ezril, H. M. (2014). Byod: Current state and security challenges. IEEE Symposium on, (pp. 189–192).
Okoli, C., & Kira, S. (2010). A guide to conducting a systematic literature review of information systems research.
Olalere, M., Mohd, T. A., Ramlan, M., & Azizol, A. (2015). A review of bring your own device on security issues. Sage Open, 5(2).
Palanisamy, R., Azah, A. N., & Miss Laiha, M. K. (2020). BYOD policy compliance: Risks and strategies in organizations. Journal of Computer Information Systems, 1-12.
Ratchford, M. M., & Wang, Y. (2019). BYOD-Insure: A Security Assessment Model for Enterprise BYOD. Fifth Conference on Mobile and Secure Services (MobiSecServ).
Rogers, W. R. (1975). A protection motivation theory of fear appeals and attitude change1. Rogers, Ronald W. "A protection motivation theory of fear appeals and attitude change1." The journal of psychology, 91(1), 93-114.
Shumate, T. M. (2014). Bring your own device: benefits, risks and control techniques. IEEE Southeastcon.
Shumate, T., & Ketel, M. (2014). Bring your own device: Benefits, risks and control techniques. IEEE Southeastcon.
Souppaya, M., & Karen, S. (2013). Guidelines for managing the security of mobile devices in the enterprise. NIST special publication.
Straub, W. D., & Welke, J. R. (1998). Coping with systems risk: Security planning models for management decision making. MIS quarterly, 441-469.
Thompson, N., Tanya, J. M., & Xuequn, W. (2017). Security begins at home”: Determinants of home computer and mobile device security behavior. Computers & Security, 70, 376-391.
Wang, Y., Jinpeng, W., & Karthik, V. (2014). Bring your own device security issues and challenges. IEEE 11th Consumer Communications and Networking Conference .
Wani, T. A., Antonette, M., & Kathleen, G. (2019). BYOD in hospitals-security issues and mitigation strategies. Proceedings of the Australasian Computer Science Week Multiconference.
Zahadat, N., Paul, B., Timothy, B., & Bill, A. O. (2015). BYOD security engineering: A framework and its analysis. Computers & Security, 55, 81-99.
Zambrano, F. R., & Glen, D. R. (2018). Bring your own device: a survey of threats and security management models. International Journal of Electronic Business, 14(2), 146-170.
Downloads
Published
How to Cite
Issue
Section
License
Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution (CC-BY) 4.0 License that allows others to share the work with an acknowledgment of the work’s authorship and initial publication in this journal.
